CVE-2018-1999030 org.jenkins-ci.plugins:maven-artifact-choicelistprovider

Package

Manager: maven
Name: org.jenkins-ci.plugins:maven-artifact-choicelistprovider
Vulnerable Version: >=0 <1.3.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00035 (percentile 0.08719)

Details

Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, and Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

Metadata

Created: 2022-05-13T01:50:55Z
Modified: 2024-01-09T20:53:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fjh2-qhfh-rvfc/GHSA-fjh2-qhfh-rvfc.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-fjh2-qhfh-rvfc
Finding: F038
Auto approve: 1